When the security industry characterizes the e-crime threat landscape, there is a temptation to focus on the everyday scams and high-volume aspect of the criminal threat landscape. These criminals are not particular about targets if there are financial rewards at the end. Obvious examples of these types of scams are the widely distributed malware aimed

On October 4, 2018, a Bloomberg Businessweek article alleged that in 2015, manufacturers inserted microchips onto the motherboards of servers destined for U.S. public and government organizations to provide Chinese government-sponsored threat actors with unauthorized access. The story was immediately refuted in its entirety by the three companies named in the story: Apple, Amazon, and

Version 67 of Google Chrome enabled site isolation by default in an effort to protect users against Spectre-based attacks. What is site isolation, and how does it defend against Spectre? Ever since Spectre (CVE-2017-5753 and CVE-2017-5715) was discovered at the start of 2018, the industry has been looking at ways to protect users and data

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to

Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence Date: 12 May 2015 Summary In early February 2015, Dell SecureWorks Counter Threat Unit™ (CTU™) researchers investigated a new file-encrypting ransomware family named TeslaCrypt, which was distributed by the popular Angler browser exploit kit. After encrypting popular file types with the AES-256 encryption algorithm, TeslaCrypt holds the

Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence Date: 27 August 2014 Overview In late February 2014, the Dell SecureWorks Counter Threat Unit™ (CTU™) research team analyzed a family of file-encrypting ransomware being actively distributed on the Internet. Although this ransomware, now known as CryptoWall, became well-known in the first quarter of 2014, it has

Summary Threat actors regularly develop new Trojan horse malware to fuel their operations and to ensure the longevity of their botnets. After the takedowns of the Gameover Zeus and Shylock botnets, researchers predicted that a new breed of banking malware would fill the void. In early June 2014, the Dell SecureWorks Counter Threat Unit™ (CTU™)

Author: Brett Stone-Gross, Ph.D.Dell SecureWorks Counter Threat Unit™ Threat Intelligence Date: 13 October 2015 Summary In the fall of 2015, the Dell SecureWorks Counter Threat Unit™ (CTU™) research team collaborated with the UK National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), and the Shadowserver Foundation to take over the Dridex banking trojan.

Keeping pace with online threats can often feel like you’re plugging holes in a dam with your fingers, as soon as you’ve got one challenge under control, another issue pops up somewhere else. As employers create more flexible work conditions (BYOD, remote workforce, etc. and as mobility increases, organizations are faced with an increasingly complex

In August 2018, members of university communities worldwide may have been providing access to more than just homework assignments. Secureworks® Counter Threat Unit™ (CTU) researchers discovered a URL spoofing a login page for a university. Further research into the IP address hosting the spoofed page revealed a broader campaign to steal credentials. Sixteen domains contained

Your Mac computer running the Apple’s latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system

by Mark Stockley For two and a half years someone has been terrorising organisations by breaking in to their networks and infecting their computers with devastating, file-encrypting malware known as SamSam. The attacks are regular, but rarer and more sophisticated than typical ransomware attacks, and the perpetrators extort eye-watering, five-figure ransoms to undo the damage they

It’s time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called

Summary In 2017, Secureworks® Counter Threat Unit™ (CTU) researchers continued to track GOLD SKYLINE, a financially motivated Nigerian threat group involved in business email compromise (BEC) and business email spoofing (BES) fraud. During the investigation, CTU™ researchers discovered a previously unidentified BEC group that they have named GOLD GALLEON. Unlike other BEC groups, GOLD GALLEON

Dalton and Flowsynth help create and test packet captures Thursday, November 16, 2017 By: Counter Threat Unit Research Team When crafting intrusion detection system (IDS) and intrusion prevention system (IPS) rules for engines such as Suricata and Snort, it is imperative that the rules behave and perform as expected. Validation requires testing, but capturing the

By all means patch, but take a risk-based approach Thursday, January 11, 2018 By: Barry Hensley Cybersecurity continues to make headlines in the New Year, including public disclosure on January 3rd of two new vulnerabilities that affect most modern computer processors. Spectre and Meltdown represent a new class of vulnerability that takes advantage of performance

In December 2017, Secureworks® incident response (IR) analysts responded to multiple incidents where threat actors compromised vulnerable Internet-facing Oracle WebLogic servers on Linux and Windows systems to deploy cryptocurrency software. The unauthorized activity significantly impacted the performance of business-critical and client-facing applications. The continued inquiries about this activity in January 2018 suggest that many organizations

Security services, IoT, integrated platforms, GDPR, skills shortage, detection and response, machine learning, automation and orchestration are just a few of the key themes in a vast array of industry analyst predictions about the changing security landscape for customers and vendors in 2018. Following are just a few of these predictions that highlight how cybersecurity

Threat actors continue to use opportunistic attacks to compromise networks and deploy SamSam ransomware to collect money from various types of organizations. Thursday, February 15, 2018 By: Counter Threat Unit Research Team On February 15, 2018, Secureworks® Counter Threat Unit™ (CTU) researchers published details about the tools and techniques used in a series of high-profile

Summary In 2015, the SecureWorks® Counter Threat Unit™ (CTU) research team documented the BRONZE UNION threat group (formerly labeled TG-3390), which CTU™ analysis suggests is based in the People’s Republic of China (PRC). Since that analysis, CTU researchers have observed multiple BRONZE UNION threat campaigns that illustrate the evolution of the group’s methods and espionage

Summary The IRON TWILIGHT threat group has targeted non-governmental organizations (NGOs), journalists, politicians, political organizations, governments, and militaries since at least 2009. SecureWorks® Counter Threat Unit™ (CTU) researchers assess it is highly likely that IRON TWILIGHT is sponsored by the Russian government. In Spring 2015, the Russian government began tasking IRON TWILIGHT with activity beyond

Summary In May 2017, SecureWorks® Counter Threat Unit® (CTU) researchers investigated a widespread and opportunistic WCry (also known as WanaCry, WanaCrypt, and Wana Decrypt0r) ransomware campaign that impacted many systems around the world. Some affected systems have national importance. CTU® researchers link the rapid spread of the ransomware to use of a separate worm component